Date: Sun, 9 Jan 2022 16:07:12 +0300
From: Mehmet Erol Sanliturk <m.e.sanliturk@gmail.com>
To: "Steve O'Hara-Smith" <steve@sohara.org>
Cc: Taceant Omnes <taceant@gmail.com>, FreeBSD Questions Mailing List <freebsd-questions@freebsd.org>
Subject: Re: entering geli passphrase only once at FreeBSD boot
Message-ID: <CAOgwaMshquXn8NbotqPQNp22_wVw_aSiG476%2BYVNuTKMPB7eDQ@mail.gmail.com>
In-Reply-To: <20220109102339.45932ef6cf6f42daa3a1871d@sohara.org>
References: <CAKkGsYKyPt5OfYVH5L=83yqzeHvkyMaU6oZH_0WzRFrWRKsXSw@mail.gmail.com> <20220109102339.45932ef6cf6f42daa3a1871d@sohara.org>
On Sun, Jan 9, 2022 at 1:25 PM Steve O'Hara-Smith <steve@sohara.org> wrote:

> On Sun, 9 Jan 2022 10:00:51 +0000
> Taceant Omnes <taceant@gmail.com> wrote:
>
> > Is there a way to enter the passphrase only once in FreeBSD that does
> > not involve storing it in a file?
>
>         My solution was to log in after boot and run a script - less than
> elegant but possible to do remotely if I was away during a power outage
> (happened once). I've since given up on using encrypted drives, after a
> scare when one drive became inaccessible after an outage due to geli
> errors.
>
>         Another option would be to run something in rc.local that disables
> getty on the console and uses /dev/ttyv0 directly which forces it to be
> done by someone with physical access. A very flashy (pun intended) option
> would be to put the key on a USB stick and do some devd magic to spot it
> and do the necessary before talking out of the speaker.
>
> --
> Steve O'Hara-Smith <steve@sohara.org>

My idea is to use a square barcode for such requirements with a square
barcode reader. Up to now I could not find an opportunity to do it.

There are programs to draw a square barcode from a given character string and
printing it is possible. I am not a user of new generation cell phones, but I
think it may be possible to use a cell phone to generate, store and show the
square barcode to the required square barcode reader. If the square barcode
name is not self-revealing, it is likely that no one will be able to
understand what it is about.

Perhaps there are other possibilities for such an approach?

Just an alternative idea ...

With my best regards,

Mehmet Erol Sanliturk